The attacks against South Korean media and banking organizations last week severely disrupted a handful of organizations with a coordinated distribution of “wiper” malware designed to destroy data on hard drives and render them unbootable. At 14:00 KST on March 20, 2013, the wiper was triggered across three media organizations and four banks, setting off a firestorm of speculation and finger-pointing and that which continues as of this writing. In this post, I’ll share a perspective no one else seems to be talking about, but may be the real motivation behind these attacks.

The What and the Possible Why

Let’s start with what we know:

The attack was highly targeted

The malware was specifically designed to distribute the wiper payload throughout the impacted organizations

The malware was timed to deploy its destructive payload simultaneously across all affected organizations

The resulting loss of data and downtime has been severe

While the “what” of the attack is well established, the “why” and “how” are still a matter of debate. Theories postulated include an outright act of warfare from North Korea designed to economically disrupt South Korea, or an act of sabotage to cover the tracks of data exfiltration allegedly wrought by China. But what if there were an explanation that was less about countries and politics and more about that all-time motivator of crime: money? Consider, if you will, the following timeline. Read More »

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.